Arbitrary Code Execution via File Upload in Prestashop 1.7.6.7 Catalog Feature

Arbitrary Code Execution via File Upload in Prestashop 1.7.6.7 Catalog Feature

CVE-2020-21967 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

Learn more about our Web Application Penetration Testing UK.